
Research On Secure Data Deduplication Methods In Cloud Storage

Posted on: 2023-12-03
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Zhang
Full Text: PDF
GTID: 2568306833465374
Subject: Cyberspace security

Abstract/Summary:
Deduplication is widely used in cloud storage services to save storage resources and improve efficiency. Deduplication deletes the redundant data stored on the cloud server, retaining only one original copy of the corresponding file. To protect confidentiality, users tend to encrypt their data before outsourcing it to the cloud server. Because user keys differ, the same plaintext is encrypted into different ciphertexts, and the cloud server cannot perform deduplication effectively. Most existing deduplication schemes rely on the assistance of a secure trusted third-party server, which undermines security and system execution efficiency, resulting in unsatisfactory practicability. How to find a secure method that removes the dependence on a secure trusted third-party server, so that deduplication can be performed safely and efficiently on the cloud server, has become a research focus in recent years. The main contributions of this thesis lie in the following two aspects:

1) A secure data deduplication scheme based on Intel Software Guard Extensions (Intel SGX) is proposed. The security container provided by Intel SGX, called an Enclave, is used as a secure execution environment to replace the role of the trusted third-party server. The remote authentication mechanism can build an end-to-end secure channel between the cloud server and the client Enclave, so that the cloud server can safely transfer sensitive information to the client. The data sealing mechanism can effectively protect the private data stored on the client. Security analysis and simulation experiments show that, compared with most previous deduplication schemes, this scheme not only enhances security but also improves efficiency, and is easy to implement in real-world applications, so it has a certain application value.

2) A new method of Proof of Ownership (PoW) in cloud storage deduplication is proposed. The Enclave provided by Intel SGX is used as a trusted execution environment to help client users get file encryption keys. In addition, a new authentication data structure named Dynamic Merkle Hash Forest (DMHF) is designed, and a PoW method based on DMHF is proposed. It not only ensures the processing efficiency of large files, but also improves the security of the PoW process for small files. Security analysis and performance evaluation show that this scheme significantly improves the security of the PoW process and the efficiency of deduplication, and is better than most previous schemes. In addition, this scheme is easy to implement in practical applications.
Keywords/Search Tags: Deduplication, Intel SGX, Enclave, PoW, DMHF